The proliferation of users and services on computer networks such as the Internet and local networks such as cable TV networks or cellular phone networks or corporate LANs raises security concerns for both users and service providers. Users want the data they submit or receive on such networks to be free from unauthorized interception and use. Similarly, service providers want their hosts and systems secured from unauthorized access and intrusion by “pirates” or “hackers.”
Global or large multiple user computer networks such as the Internet often allow users to access many different hosts and services from their computers via a single access connection. While this has enhanced users' abilities to access information and conduct business, large-scale networking has greatly complicated service providers' security mechanisms.
In any communication of data, the users desire data security consisting of (a) confidentiality from others, (b) authentication to ensure they know with whom they are communicating, (c) integrity to ensure that the message has not been modified in transit, and ideally, (d) non-repudiation to prevent a sender from falsely denying that a message was sent or received.
The need for data security extends to any communication of data between any two devices (dyads), whether or not they are online on the Internet. Networks can be thought of as groups of dyadic relationships between devices. Other examples of networks or dyads of devices where data security is an important issue include: a network of devices for the provision of a cable TV signal, a network of wired and/or wireless devices within a corporation or building, the wireless data medium between a cordless phone base and its handset, the wired and wireless network of devices for the provision of Satellite TV signal, a network of wired and wireless devices for the provision of cellular phone communications, a network of wired and wireless devices for the provision of radio communications, and many others.
One method of attempting to ensure confidentiality and sometimes authentication, integrity and non-repudiation is encryption. Data that is readily perceived is often known as plaintext, while plaintext that has been transformed via a cipher or a form of encryption may be known as ciphertext.
Another method of ensuring that no one else can intercept a communication is to ensure that it takes place away from any potential eavesdroppers. This is sometimes known as obscurity rather than security. For example, if secret encryption keys need to be exchanged between a telephone base unit and a cordless handset, it may be possible to do that at the factory before they are ever sold. The same might be true of military radios, or cable TV (CATV) servers and set-top boxes.
Cryptanalysis is the process of determining plaintext or the key on which an encryption algorithm is based, usually by using the ciphertext and knowledge of the algorithm.
One form of cryptanalysis is known as a “brute force attack.” A brute force attack generally is the attempt to try every possible key or every possible plaintext for a given block of ciphertext. Forms of encryption where the time or resources to try every possible plaintext or key are unreasonable can be known as computationally secure. Brute force attacks are not possible where, no matter how much ciphertext a cryptanalyst has, it is not possible to figure out the plaintext or the key even with unlimited computer resources. Such an encryption algorithm would be considered unconditionally secure.
Currently used computationally secure encryption systems generally suffer from the fact that new methods of cryptanalysis are always being developed. Even if a particular system is considered secure today, it may be considered insufficiently secure in the near future. An unconditionally secure system does not suffer from that insecurity. For example, the new field of quantum cryptography may destroy most or all conditionally secure systems because processes now considered one-way may be far easier to compute with quantum-based computing systems or methods. Easier computing of integer factoring, at the heart of public key cryptography, could lead to the rapid demise of this core encryption technology.
A key goal of encryption algorithms in general is the preservation of confidentiality of messages being transmitted between parties. Prior art ciphers are designed to protect against a security attack known as a “man in the middle” attack. Such an attack comprises an unauthorized party eavesdropping on a communication. Moreover, an unauthorized party intercepting insecure communications between parties may be able to substitute keys or messages that are sent back and forth between the respective parties to fool the parties into believing they are communicating with each other. Although prior art authentication measures minimize the likelihood of a man in the middle attack, the security of the messages is not guaranteed where either a man in the middle could impersonate one or both of the devices, or mount a cryptanalytic attack or a brute force attack to discover the key or the plaintext of messages. A method of encryption that minimizes or reduces the risks of a man in the middle attack remains desirable. A method of encryption that was unconditionally secure would provide such service, particularly if it also afforded or could be integrated with authentication, data integrity measures and non-repudiation.
One form of unconditionally secure encryption is known as the one-time pad (OTP), which was patented in 1919 (U.S. Pat. No. 1,310,719) in the context of the telegraph machine. Because it involves a random key character used to encrypt each character of plaintext, there is no information in the ciphertext on which to use cryptanalysis. The number of possible keys approaches infinity, and even if some of them were guessed and operated on the ciphertext to produce meaningful plaintext, there would be no way to know which of the multitude of plaintexts rendered was the intended one. However, the commercial use of an OTP is extremely limited because the key needs to be as long as all messages ever to be conveyed using the system, and no part of the key could ever be reused. There remains a commercial and societal need for an unconditionally secure system of encryption.
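The two properties stated above, that a one-time pad ciphertext is consistent with every plaintext of the same length and that the pad must never be reused, can be checked directly. The following is an added illustration, not code from the patent or the original text; the byte-wise XOR pad, the function names and the sample messages are assumptions chosen for the example.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is the pad's only operation."""
    if len(a) != len(b):
        raise ValueError("a one-time pad key must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(length: int) -> bytes:
    # os.urandom draws from the OS CSPRNG. A true OTP assumes genuinely random
    # key material; that assumption is not something this example can verify.
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)


def key_for_candidate(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the one key that decrypts `ciphertext` to `candidate`.

    Every same-length candidate plaintext has exactly one such key, so the
    ciphertext alone gives an analyst no way to prefer one plaintext over
    another. This is the sense in which the pad is unconditionally secure.
    """
    return xor_bytes(ciphertext, candidate)


def reused_key_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same key.

    The key cancels out, leaving plaintext1 XOR plaintext2, which is why no
    segment of the pad may ever be used twice.
    """
    return xor_bytes(c1, c2)


# Constructed sample messages of equal length (not from the original text).
MESSAGE = b"ATTACK AT DAWN"
ALTERNATIVE = b"RETREAT AT SIX"
```

Decrypting a ciphertext with `key_for_candidate(ct, ALTERNATIVE)` yields `ALTERNATIVE`, while `reused_key_leak` shows that two ciphertexts under one key reveal exactly `MESSAGE XOR ALTERNATIVE`.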
In addition, existing encryption systems are difficult to employ where the speed of the communication is critical, for example where the bandwidth of the medium of communication is limited relative to the data flow. In addition, where the processing of the encryption algorithm is complex, its speed may be insufficient for certain applications, such as those that require real-time communication. For example, current encryption systems are impractical where the speed of the communication, whether wired or wireless, is sufficient for the message, but insufficient for both the message and encryption. Music, voice and video, as well as many other forms of data, are difficult to encrypt in real time because of bandwidth and speed constraints.
One of the reasons most prior art encryption systems are slower than optimal for many commercial applications is that they use one or more complex one-way functions. A one-way function is far more difficult to compute in one direction than in the other. A simple example is squares and square roots: it is simpler to compute the square of a number than the square root. However, the types of one-way functions used by most encryption take far longer to compute in either direction than the present invention, which uses only the comparatively fast operations of modified addition and modified subtraction.
Another reason most prior art encryption systems are slower than optimal and slower than the present invention is that they consist of far more numerous operations than the present invention. For example, on average most commonly used encryption methods use 6-50 operations per byte of plaintext to be encrypted. Also, the more complex the encryption system, usually the more expensive it is to deploy and use. The present invention fills a social and commercial need for a simple and fast strong encryption method and system.
Another reason prior art encryption techniques can be slow is that they generally require the complex generation and transmission of keys. The present invention provides an embodiment not requiring any transmission of keys and another which functions on the rapid generation and transmission of very simple keys.
While prior art encryption methods attempt to assure secure communication sessions, the level of security associated therewith often remains within a single state. The methods are static in that the keys that are used to encrypt and decrypt the messages remain the same during a single communication session.
There are currently many algorithms, systems, and protocols to accomplish each of the goals of (a) confidentiality, (b) integrity, (c) authentication and (d) non-repudiation. However, there is no other technology today that can conveniently provide the high speed processing and unconditional security which would be a commercially useful improvement to many of today's applications and would also facilitate the creation of new high-bandwidth or high-speed secure applications.
The present invention provides for high speed dynamically changing security to accomplish (a) confidentiality, and can both work with any other encryption method and facilitate or incorporate any other method of accomplishing (b) integrity, (c) authentication, and (d) non-repudiation. Such security is in some embodiments unconditional.
Another application of encryption is to ensure the exclusivity of a dyadic communication. In other words, if A is a server communicating with a client B, neither wants C to be able to substitute itself for B, and A does not want C to be able to copy B such that there are multiple clients on B's account, or non-paying clients without an account.
What is needed is a method for protecting data from being stolen while in transit, and a method for protecting client data receivers, like Cable TV set-top boxes or their significant components like smart cards or point of deployment modules, from being cloned or copied.
Some systems are primarily designed as one to many networks, such as cable TV or satellite TV systems. A content server or head-end originates a datastream to many, sometimes millions of clients or set-top boxes. Along the way there may be dozens of nodes which receive the datastream and relay it to one or more other nodes. There may be scrambling, or encryption, such as that of the present invention, on the data stream at any or every point from the content server to the ultimate user. The data encrypted could be all the data or only a portion or only metadata rather than the actual TV signal.
In addition, some systems becoming commercially more attractive are already one to one systems, such as certain forms of movies on demand, music on demand and television on demand.
It is, therefore, desirable to provide an efficient, fast system for securing a communication session such that an intercepted message from an unauthorized party cannot be deciphered. It is also desirable to provide an efficient and fast system for preventing the piracy or theft of a data signal.